Architecture of Smart Certificates for Web3 Applications Against
Cyberthreats in Financial Industry
- URL: http://arxiv.org/abs/2311.01956v1
- Date: Fri, 3 Nov 2023 14:51:24 GMT
- Title: Architecture of Smart Certificates for Web3 Applications Against
Cyberthreats in Financial Industry
- Authors: Stefan Kambiz Behfar, Jon Crowcroft
- Abstract summary: This study addresses security challenges associated with the current internet, specifically focusing on emerging technologies as blockchain and decentralized storage.
It also investigates the role of Web3 applications in shaping the future of the internet.
- Score: 2.795656498870966
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: This study addresses the security challenges associated with the current
internet transformations, specifically focusing on emerging technologies such
as blockchain and decentralized storage. It also investigates the role of Web3
applications in shaping the future of the internet. The primary objective is to
propose a novel design for 'smart certificates,' which are digital certificates
that can be programmatically enforced. Utilizing such certificates, an
enterprise can better protect itself from cyberattacks and ensure the security
of its data and systems. Web3 recent security solutions by companies and
projects like Certik, Forta, Slither, and Securify are the equivalent of code
scanning tool that were originally developed for Web1 and Web2 applications,
and definitely not like certificates to help enterprises feel safe against
cyberthreats. We aim to improve the resilience of enterprises' digital
infrastructure by building on top of Web3 application and put methodologies in
place for vulnerability analysis and attack correlation, focusing on
architecture of different layers, Wallet/Client, Application and Smart
Contract, where specific components are provided to identify and predict
threats and risks. Furthermore, Certificate Transparency is used for enhancing
the security, trustworthiness and decentralized management of the certificates,
and detecting misuses, compromises, and malfeasances.
Related papers
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Conceptual Design and Implementation of FIDO2 compatible Smart Card for Decentralized Financial Transaction System [0.2678472239880052]
Existing passwordless and password-based peer to peer transactions in online banking systems are vulnerable to advanced forms of digital attacks.
This paper proposes a novel and robust peer to peer transaction system which employs best cloud security practices, proper use of cryptography and trusted computing to mitigate common vulnerabilities.
arXiv Detail & Related papers (2024-08-09T10:08:10Z) - SETC: A Vulnerability Telemetry Collection Framework [0.0]
This paper introduces the Security Exploit Telemetry Collection (SETC) framework.
SETC generates reproducible vulnerability exploit data at scale for robust defensive security research.
This research enables scalable exploit data generation to drive innovations in threat modeling, detection methods, analysis techniques, and strategies.
arXiv Detail & Related papers (2024-06-10T00:13:35Z) - Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks.
In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - Blockchain-based Zero Trust on the Edge [5.323279718522213]
This paper proposes a novel approach based on Zero Trust Architecture (ZTA) extended with blockchain to further enhance security.
The blockchain component serves as an immutable database for storing users' requests and is used to verify trustworthiness by analyzing and identifying potentially malicious user activities.
We discuss the framework, processes of the approach, and the experiments carried out on a testbed to validate its feasibility and applicability in the smart city context.
arXiv Detail & Related papers (2023-11-28T12:43:21Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - Resilient Risk based Adaptive Authentication and Authorization (RAD-AA)
Framework [3.9858496473361402]
We discuss the design considerations for a secure and resilient authentication and authorization framework capable of self-adapting based on the risk scores and trust profiles.
We call this framework as Resilient Risk based Adaptive Authentication and Authorization (RAD-AA)
arXiv Detail & Related papers (2022-08-04T11:44:29Z) - 'They're all about pushing the products and shiny things rather than
fundamental security' Mapping Socio-technical Challenges in Securing the
Smart Home [1.52292571922932]
Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well.
There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users.
We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure.
arXiv Detail & Related papers (2021-05-25T08:38:36Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in the domestic environments.
People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed.
Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.